Difference between revisions of "OWASP .NET Recommended Resources"

From OWASP
(Blogs & People)
(Added a reference to Troy Hunt's OWASP Top 10 for .NET developers series.)
(20 intermediate revisions by 2 users not shown)
Line 21: Line 21:
 
*OWASP Guidance and Tools
 
*OWASP Guidance and Tools
  
===Articles & Projects===
+
===Blogs & People===
  
[http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]
+
===== OWASP =====
 +
[https://lists.owasp.org/pipermail/owasp-phoenix/2009-May/000079.html OWASP-Phoenix List Reply regarding GSSP .NET Cert] from [http://twitter.com/atdre Dre]
  
[http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]
+
==== General ====
 +
[http://securitybuddha.com/ Mark Curphrey's Blog]
  
[http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]
+
[http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]
  
[http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]
+
[http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]
  
[http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]
+
[http://www.leastprivilege.com Dominick Baier's Blog]
 +
 
 +
[http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog]
 +
 
 +
[http://blogs.msdn.com/ace_team/ Microsoft's ACE Team]
 +
 
 +
===Advisories, Articles & Projects===
  
 
[http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]
 
[http://msdn.microsoft.com/en-us/library/ms978357.aspx Security and Operational Guidance for .NET Applications]
 +
 +
[http://msdn2.microsoft.com/en-us/library/yedba920.aspx ASP.NET Security Architecture]
  
 
[http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]
 
[http://msdn.microsoft.com/en-us/library/ms998404.aspx patterns & practices Security Engineering Index]
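Review bot: the heading levels in the added "Blogs & People" block are inconsistent. "===== OWASP =====" is a level-5 heading placed directly under the level-3 "===Blogs & People===", while its sibling "==== General ====" is level 4. Use "==== OWASP ====" so both subsections sit at the same level and the generated table of contents nests correctly.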
Line 43: Line 53:
 
[http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]
 
[http://msdn.microsoft.com/en-us/library/ms978378.aspx Authentication in ASP.NET: .NET Security Guidance]
  
===Online References===
+
[http://msdn2.microsoft.com/en-us/library/ms998404.aspx Security Engineering]
 +
 
 +
[http://www.developer.com/design/article.php/3607471 Solutions to SOA Security]
 +
 
 +
[http://en.wikipedia.org/wiki/WS-%2A Web Service Specifications]
 +
 
 +
[http://www.codeplex.com/WCFSecurity Security Guidance for Windows Communication Foundation]
 +
 
 +
[http://www.microsoft.com/technet/security/advisory/954462.mspx Microsoft Security Advisory (954462) (SQL Injection Advisory)]
 +
 
 +
===Online References, Training===
  
 
[http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]
 
[http://msdn2.microsoft.com/en-us/practices/default.aspx Patterns and Practices]
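Review bot: the relocated "Security Engineering" entry (msdn2.microsoft.com/en-us/library/ms998404.aspx) carries the same library page id, ms998404, as the "patterns & practices Security Engineering Index" entry already listed in this section under msdn.microsoft.com. Drop one of the two, and prefer a single host name (msdn vs. msdn2) for all MSDN library links in the list.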
Line 50: Line 70:
  
 
[http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]
 
[http://msdn.microsoft.com/en-us/security/default.aspx MSDN Security Developer Center]
 +
 +
[http://blogs.technet.com/feliciano_intini/pages/microsoft-blogs-and-web-resources-about-security.aspx Microsoft Security Resources]
 +
 +
[http://www.pluralsight.com/main/olt/Module.aspx?a=keith-brown&n=aspdotnet-security&cn=aspdotnet-fundamentals ASP.NET Security Webcasts - Kieth Brown]
 +
 +
[http://www.troyhunt.com/2010/05/owasp-top-10-for-net-developers-part-1.html OWASP Top 10 for .NET developers - Troy Hunt]
  
 
===Books and Publications===
 
===Books and Publications===
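Review bot: the link text of the added Pluralsight webcast entry spells the presenter "Kieth Brown", while the URL's own parameter reads a=keith-brown. Correct the label to "Keith Brown".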
Line 67: Line 93:
 
[http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]
 
[http://www.microsoft.com/downloads/details.aspx?familyid=59888078-9daf-4e96-b7d1-944703479451&displaylang=en Microsoft Threat Analysis & Modeling v2.1.2]
  
===Blogs & People===
+
[http://www.codeplex.com/guidanceExplorer Patterns and Practices Guidance Explorer]
  
[http://securitybuddha.com/ Mark Curphrey's Blog]
+
[http://blogs.msdn.com/alikl/archive/2007/03/26/security-net-code-inspection-using-outlook-2007.aspx Security Code Review Checklist Generator]
  
[http://blogs.msdn.com/michael_howard/default.aspx Michael Howard's Blog]
+
[http://msdn.microsoft.com/en-us/security/aa973814.aspx Anti-Cross Site Scripting]
  
[http://blogs.msdn.com/jmeier/archive/tags/Security+Development/default.aspx J.D. Meier's Blog]
+
[http://learn.iis.net/page.aspx/473/using-urlscan URLScan]
  
[http://www.leastprivilege.com Dominick Baier's Blog]
+
[http://support.microsoft.com/kb/954476 Microsoft Source Code Analyzer]
 +
 
 +
[http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2008/06/23/finding-sql-injection-with-scrawlr.aspx Scrawlr]
  
[http://blogs.msdn.com/shawnfa/default.aspx Shawn Farkas' Blog ()]
+
[http://support.microsoft.com/kb/954476 MS Source Code Analyser for SQL Injection]
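Review bot: the Tools list now contains two entries, "Microsoft Source Code Analyzer" and "MS Source Code Analyser for SQL Injection", that both link to http://support.microsoft.com/kb/954476. Keep one entry with the more descriptive label and remove the other.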

Revision as of 16:27, 4 December 2011

OWASP .NET Quick Reference

OWASP .NET Recommended Resources

Areas of Concern

  • Getting Started
  • Tutorials
  • Best Practices
  • OWASP Guidance and Tools

Blogs & People

OWASP

OWASP-Phoenix List Reply regarding GSSP .NET Cert from Dre

General

Mark Curphey's Blog

Michael Howard's Blog

J.D. Meier's Blog

Dominick Baier's Blog

Shawn Farkas' Blog

Microsoft's ACE Team

Advisories, Articles & Projects

Security and Operational Guidance for .NET Applications

ASP.NET Security Architecture

patterns & practices Security Engineering Index

patterns & practices Security Guidance for Applications Index

patterns & practices Security Guidance for .NET Framework 2.0

Authentication in ASP.NET: .NET Security Guidance

Security Engineering

Solutions to SOA Security

Web Service Specifications

Security Guidance for Windows Communication Foundation

Microsoft Security Advisory (954462) (SQL Injection Advisory)

Online References, Training

Patterns and Practices

Patterns and Practices Security Wiki

MSDN Security Developer Center

Microsoft Security Resources

ASP.NET Security Webcasts - Keith Brown

OWASP Top 10 for .NET developers - Troy Hunt

Books and Publications

Writing Secure Code, Michael Howard and David LeBlanc

Microsoft Security Development Lifecycle 3.2

Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication, J.D. Meier, Alex Mackman, Michael Dunner, and Srinath Vasireddy

Improving Web Application Security: Threats and Countermeasures, J.D. Meier, Alex Mackman, Michael Dunner, Srinath Vasireddy, Ray Escamilla and Anandha Murukan

Developer Highway Code, Microsoft Corp, United Kingdom

Tools

Microsoft Threat Analysis & Modeling v2.1.2

Patterns and Practices Guidance Explorer

Security Code Review Checklist Generator

Anti-Cross Site Scripting

URLScan

Microsoft Source Code Analyzer

Scrawlr

MS Source Code Analyser for SQL Injection